CVE-2008-4554
Published: 15 October 2008
The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file.
From the Ubuntu Security Team
Olaf Kirch and Miklos Szeredi discovered that the Linux kernel did not correctly reject the "append" flag when handling file splice requests. A local attacker could bypass append mode and make changes to arbitrary locations in a file. This issue only affected Ubuntu 7.10 and 8.04.
Priority
Status
Package | Release | Status |
---|---|---|
linux-source-2.6.15 | upstream | Not vulnerable (code not present) |
linux-source-2.6.15 | dapper | Not vulnerable (code not present) |
linux-source-2.6.15 | gutsy | Does not exist |
linux-source-2.6.15 | hardy | Does not exist |
linux-source-2.6.15 | intrepid | Does not exist |
linux-source-2.6.22 | upstream | Released (2.6.27) |
linux-source-2.6.22 | dapper | Does not exist |
linux-source-2.6.22 | gutsy | Released (2.6.22-16.60) |
linux-source-2.6.22 | hardy | Does not exist |
linux-source-2.6.22 | intrepid | Does not exist |
linux | upstream | Released (2.6.27) |
linux | dapper | Does not exist |
linux | gutsy | Does not exist |
linux | hardy | Released (2.6.24-22.45) |
linux | intrepid | Not vulnerable |

Patches: upstream: http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commitdiff;h=efc968d450e013049a662d22727cf132618dcb2f
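A regression probe for the behaviour described above, added here as an example and not taken from the advisory or the kernel tree: it checks whether the running kernel refuses splice() into a descriptor opened with O_APPEND. The function name and scratch path are hypothetical, and the EINVAL result for the fixed case is taken from the splice(2) manual page, not from this page.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Probe: does this kernel refuse splice() into an O_APPEND descriptor?
 * Returns 1 = refused with EINVAL (fixed behaviour), 0 = splice accepted
 * (behaviour described in the CVE), -1 = probe could not run.
 * Only touches a scratch file it creates itself. */
int splice_rejects_append(void)
{
    char path[] = "/tmp/splice-append-XXXXXX";   /* constructed scratch path */
    int p[2] = { -1, -1 }, result = -1;
    long long off = 0;            /* explicit offset, same layout as loff_t */
    long n;
    int fd = mkstemp(path);

    if (fd < 0)
        return -1;
    if (write(fd, "original\n", 9) != 9)
        goto out;
    close(fd);
    fd = open(path, O_WRONLY | O_APPEND);        /* append-only view of file */
    if (fd < 0 || pipe(p) < 0 || write(p[1], "XXXX", 4) != 4)
        goto out;

    /* Raw syscall so the probe builds without _GNU_SOURCE. */
    errno = 0;
    n = syscall(SYS_splice, p[0], NULL, fd, &off, (size_t)4, 0U);
    if (n < 0 && errno == EINVAL)
        result = 1;
    else if (n >= 0)
        result = 0;
out:
    if (fd >= 0) close(fd);
    if (p[0] >= 0) close(p[0]);
    if (p[1] >= 0) close(p[1]);
    unlink(path);
    return result;
}

int main(void)
{
    int r = splice_rejects_append();
    puts(r == 1 ? "splice into O_APPEND fd rejected (fixed)" :
         r == 0 ? "splice into O_APPEND fd accepted (affected)" :
                  "probe could not run");
    return r == 1 ? 0 : 1;
}
```

The exit status is 0 only when the kernel rejects the call, so the probe can be dropped into a post-upgrade check.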